Where you work now, where you used to work, where friends of yours have worked... How are divisions between group responsibilities determined and why?
Obviously, for tiny companies, one guy does all the IT, or has a guy that works mostly at (x) to help every now and then. Medium companies, maybe there's an operations group, a helpdesk group, and an engineering team with little vertical division between the horizontal levels. I'm interested in the larger companies on up... what's in those towers and how did it get there?
Example: marketing is in charge of external DNS, because it is customer- and public-facing. Datacenter guys see only switches and racks in major datacenters; switching and WAN stuff goes to the LAN/WAN team. All firewalls are under network security except for the firewalls managed by operations in the segmented environs... stuff like that.
What is your definition for a "larger" company? 10,000+ employees/50,000+ employees/etc?
Some larger companies are only 1000 employees, if they build out those tower walls... not a hard and fast rule on company size, I'm more interested in how IT culture develops and what some driving factors are in that process.
As a guy working for $VENDOR, I'm going to be looking into a lot of environments, each with its own twists and turns. Knowing more about how things become the way they are seems like something that would be good to know.
We have helpdesk teams per region (eg. North America, South America, Asia, etc). Then we have "LAN/PC Tech" teams per location (they handle local racking of equipment, local firewalls, VLAN management, cable runs, etc). And then we have a global "Infrastructure" team (my team) that handles the WAN, datacenter operations, external DNS, cloud (Azure/O365/etc), AD root, and anything else that would basically affect/touch all regions and locations.
Quote from: Nerm on October 12, 2017, 08:32:40 AM
We have helpdesk teams per region (eg. North America, South America, Asia, etc). Then we have "LAN/PC Tech" teams per location (they handle local racking of equipment, local firewalls, VLAN management, cable runs, etc). And then we have a global "Infrastructure" team (my team) that handles the WAN, datacenter operations, external DNS, cloud (Azure/O365/etc), AD root, and anything else that would basically affect/touch all regions and locations.
So do the helpdesk teams integrate with the LAN/PC Tech teams?
Quote from: deanwebb on October 12, 2017, 10:13:04 AM
Quote from: Nerm on October 12, 2017, 08:32:40 AM
We have helpdesk teams per region (eg. North America, South America, Asia, etc). Then we have "LAN/PC Tech" teams per location (they handle local racking of equipment, local firewalls, VLAN management, cable runs, etc). And then we have a global "Infrastructure" team (my team) that handles the WAN, datacenter operations, external DNS, cloud (Azure/O365/etc), AD root, and anything else that would basically affect/touch all regions and locations.
So do the helpdesk teams integrate with the LAN/PC Tech teams?
Yes, in fact most of the time they are the same people pulling double duty.
Over to the infra team, do you guys get compartmentalized in certain techs, or are you supposed to be able to pretty much handle any infrastructure IT concerns?
There isn't any compartmentalized aspect of the infrastructure team.
Quote from: Nerm on October 12, 2017, 05:32:39 PM
There isn't any compartmentalized aspect of the infrastructure team.
So you gotta do everything. Or do you get to at least emphasize something?
For us the rule of thumb is if a packet goes through a device it belongs to infrastructure. If it terminates on a device it belongs to a systems team. So infrastructure gets firewalls, switches, routers, load balancers, proxies, email gateways, packet brokers (gigamon/ixia), etc. The team is too small to specialize so we all do it all. We also typically get the data center stuff like PDUs, CRAC, UPS, etc. Oh, and don't forget we maintain VoIP as well.
-Otanx
Quote from: Otanx on October 13, 2017, 09:33:58 AM
For us the rule of thumb is if a packet goes through a device it belongs to infrastructure. If it terminates on a device it belongs to a systems team. So infrastructure gets firewalls, switches, routers, load balancers, proxies, email gateways, packet brokers (gigamon/ixia), etc. The team is too small to specialize so we all do it all. We also typically get the data center stuff like PDUs, CRAC, UPS, etc. Oh, and don't forget we maintain VoIP as well.
-Otanx
Do you also manage server-side network functions like DHCP, DNS, NTP?
Nope, those are all handled by the systems teams. We do have a few network servers like RANCID, Cacti, etc. but even then the systems team maintains the server, we just maintain the application.
-Otanx
Quote from: Otanx on October 16, 2017, 09:46:44 AM
Nope, those are all handled by the systems teams. We do have a few network servers like RANCID, Cacti, etc. but even then the systems team maintains the server, we just maintain the application.
-Otanx
But in the cases I mentioned above, the systems team is also in charge of DHCP and DNS, as you say. How good is cooperation between teams?
Pretty good in our case. My team has rights to DNS to add/remove our items. If we need something done that we can't do, then a quick call and a ticket gets it taken care of (unless it is of change board interest). We automated the infrastructure DNS changes, so while I still have rights to do it by hand, I only have to do that if the script breaks. Removing entries is actually a help desk task as part of decommissioning a host. So while I can do it if I am in a hurry, that isn't something we do very much of. I am pretty sure the next rights review by cyber will have our DNS rights removed.
None of our gear uses DHCP. We just need to know the address for adding the helper commands, and that is just part of building a new VLAN.
Looking at our original post again I see you specified public DNS. That would be the poor cooperation side. That is "out sourced" to our parent company. We submit a ticket, and 3 or 4 weeks later they will have implemented the wrong thing. Then another 2 weeks, and it will be done. I don't even know the name of someone on the DNS team, or even the city they physically sit in. Luckily we don't do much public facing stuff.
-Otanx
Does a technical team handle external DNS, or is that in the hands of a non-technical team?
To be honest I don't know. I think it is a technical team somewhere at the parent, but the only interaction I have with them is submitting a change request and waiting. There is a marketing/PR finger in the pie (just as you said in the OP), and that is why we are not allowed to run our own DNS servers for our domain. They think if we run our own servers we are going to start using inappropriate words for host names or something. I just don't know if they do it all, or are just an approval step.
-Otanx
Another thing I'm interested in is how well mergers go for the IT guys. I can see two major problem groups: culture clashes and lack of visibility into the newly acquired environment.
Well I may be modifying my original post seeing as how it was just announced that our entire IT org is being restructured and my role's counterpart was just laid off as well as my boss.
Sorry to hear that. Get on the front foot.
Quote from: Nerm on October 18, 2017, 08:21:07 PM
Well I may be modifying my original post seeing as how it was just announced that our entire IT org is being restructured and my role's counterpart was just laid off as well as my boss.
Wow. Ouch. That's another part of the question, who handles what after a layoff...
Quote from: deanwebb on October 19, 2017, 09:39:38 AM
Quote from: Nerm on October 18, 2017, 08:21:07 PM
Well I may be modifying my original post seeing as how it was just announced that our entire IT org is being restructured and my role's counterpart was just laid off as well as my boss.
Wow. Ouch. That's another part of the question, who handles what after a layoff...
Hopefully it's the people that did the layoffs, for we know it's not those laid off.